15 files changed, 40 insertions, 1950 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
deleted file mode 100644
index 39a2e5a94d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 00456fded43eadd4bb94bf675ae4ea5d158a764f Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Wed, 4 Nov 2015 13:30:03 +0000
-Subject: [PATCH] Add test for CVE-2015-3194
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-
-This patch was imported from
-https://git.openssl.org/?p=openssl.git;a=commit;h=00456fded43eadd4bb94bf675ae4ea5d158a764f
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- test/certs/pss1.pem | 21 +++++++++++++++++++++
- test/tx509 | 7 +++++++
- 2 files changed, 28 insertions(+)
- create mode 100644 test/certs/pss1.pem
-
-diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem
-new file mode 100644
-index 0000000..29da71d
---- /dev/null
-+++ b/test/certs/pss1.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
-+AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
-+VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
-+NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
-+ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
-+qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
-+IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
-+IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
-+dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
-+QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
-+5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
-+4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
-+Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
-+BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
-+xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
-+plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
-+DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
-+NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
-+lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
-+-----END CERTIFICATE-----
-diff --git a/test/tx509 b/test/tx509
-index 0ce3b52..77f5cac 100644
---- a/test/tx509
-+++ b/test/tx509
-@@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi
- cmp x509-f.p x509-ff.p3
- if [ $? != 0 ]; then exit 1; fi
-
-+echo "Parsing test certificates"
-+
-+$cmd -in certs/pss1.pem -text -noout >/dev/null
-+if [ $? != 0 ]; then exit 1; fi
-+
-+echo OK
-+
- /bin/rm -f x509-f.* x509-ff.* x509-fff.*
- exit 0
---
-2.3.5
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
deleted file mode 100644
index 125016a23a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Tue, 1 Dec 2015 09:00:32 +0100
-Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
- (CVE-2015-3193).
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
-
-Upstream-Status: Backport
-
-This patch was imported from
-https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
- crypto/bn/bntest.c | 18 ++++++++++++++++++
- 2 files changed, 37 insertions(+), 3 deletions(-)
-
-Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
-===================================================================
---- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
-+++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
-@@ -1779,6 +1779,15 @@ sqr8x_reduction:
- .align 32
- .L8x_tail_done:
- add (%rdx),%r8 # can this overflow?
-+ adc \$0,%r9
-+ adc \$0,%r10
-+ adc \$0,%r11
-+ adc \$0,%r12
-+ adc \$0,%r13
-+ adc \$0,%r14
-+ adc \$0,%r15 # can't overflow, because we
-+ # started with "overhung" part
-+ # of multiplication
- xor %rax,%rax
-
- neg $carry
-@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
- .align 32
- .Lsqrx8x_tail_done:
- add 24+8(%rsp),%r8 # can this overflow?
-+ adc \$0,%r9
-+ adc \$0,%r10
-+ adc \$0,%r11
-+ adc \$0,%r12
-+ adc \$0,%r13
-+ adc \$0,%r14
-+ adc \$0,%r15 # can't overflow, because we
-+ # started with "overhung" part
-+ # of multiplication
- mov $carry,%rax # xor %rax,%rax
-
- sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
-@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
- my @ri=map("%r$_",(10..13));
- my @ni=map("%r$_",(14..15));
- $code.=<<___;
-- xor %rbx,%rbx
-+ xor %ebx,%ebx
- sub %r15,%rsi # compare top-most words
- adc %rbx,%rbx
- mov %rcx,%r10 # -$num
-- .byte 0x67
- or %rbx,%rax
-- .byte 0x67
- mov %rcx,%r9 # -$num
- xor \$1,%rax
- sar \$3+2,%rcx # cf=0
-Index: openssl-1.0.2d/crypto/bn/bntest.c
-===================================================================
---- openssl-1.0.2d.orig/crypto/bn/bntest.c
-+++ openssl-1.0.2d/crypto/bn/bntest.c
-@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
- return 0;
- }
- }
-+
-+ /* Regression test for carry propagation bug in sqr8x_reduction */
-+ BN_hex2bn(&a, "050505050505");
-+ BN_hex2bn(&b, "02");
-+ BN_hex2bn(&c,
-+ "4141414141414141414141274141414141414141414141414141414141414141"
-+ "4141414141414141414141414141414141414141414141414141414141414141"
-+ "4141414141414141414141800000000000000000000000000000000000000000"
-+ "0000000000000000000000000000000000000000000000000000000000000000"
-+ "0000000000000000000000000000000000000000000000000000000000000000"
-+ "0000000000000000000000000000000000000000000000000000000001");
-+ BN_mod_exp(d, a, b, c, ctx);
-+ BN_mul(e, a, a, ctx);
-+ if (BN_cmp(d, e)) {
-+ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
-+ return 0;
-+ }
-+
- BN_free(a);
- BN_free(b);
- BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
deleted file mode 100644
index 13d48913b3..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Fri, 2 Oct 2015 12:35:19 +0100
-Subject: [PATCH] Add PSS parameter check.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Avoid seg fault by checking mgf1 parameter is not NULL. This can be
-triggered during certificate verification so could be a DoS attack
-against a client or a server enabling client authentication.
-
-Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
-
-CVE-2015-3194
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-
-This patch was imported from
-https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- crypto/rsa/rsa_ameth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index ca3922e..4e06218 100644
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
- {
- const unsigned char *p;
- int plen;
-- if (alg == NULL)
-+ if (alg == NULL || alg->parameter == NULL)
- return NULL;
- if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
- return NULL;
---
-2.3.5
-
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
deleted file mode 100644
index 6fc4d0e839..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
+++ /dev/null
@@ -1,66 +0,0 @@ -From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Tue, 10 Nov 2015 19:03:07 +0000 -Subject: [PATCH] Fix leak with ASN.1 combine. - -When parsing a combined structure pass a flag to the decode routine -so on error a pointer to the parent structure is not zeroed as -this will leak any additional components in the parent. - -This can leak memory in any application parsing PKCS#7 or CMS structures. - -CVE-2015-3195. - -Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using -libFuzzer. - -PR#4131 - -Reviewed-by: Richard Levitte <levitte@openssl.org> - -Upstream-Status: Backport - -This patch was imported from -https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - crypto/asn1/tasn_dec.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c -index febf605..9256049 100644 ---- a/crypto/asn1/tasn_dec.c -+++ b/crypto/asn1/tasn_dec.c -@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - int otag; - int ret = 0; - ASN1_VALUE **pchptr, *ptmpval; -+ int combine = aclass & ASN1_TFLG_COMBINE; -+ aclass &= ~ASN1_TFLG_COMBINE; - if (!pval) - return 0; - if (aux && aux->asn1_cb) -@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); - err: -- ASN1_item_ex_free(pval, it); -+ if (combine == 0) -+ ASN1_item_ex_free(pval, it); - if (errtt) - ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); -@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - } else { - /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -- -1, 0, opt, ctx); -+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); - if 
(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; --- -2.3.5 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch deleted file mode 100644 index dd288c93fb..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <openssl-users@dukhovni.org> -Date: Wed, 30 Dec 2015 22:44:51 -0500 -Subject: [PATCH] Better SSLv2 cipher-suite enforcement - -Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com> - -CVE-2015-3197 - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Richard Levitte <levitte@openssl.org> - -Upstream-Status: Backport -https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245 - -CVE: CVE-2015-3197 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ssl/s2_srvr.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -Index: openssl-1.0.2d/ssl/s2_srvr.c -=================================================================== ---- openssl-1.0.2d.orig/ssl/s2_srvr.c -+++ openssl-1.0.2d/ssl/s2_srvr.c -@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s) - } - - cp = ssl2_get_cipher_by_char(p); -- if (cp == NULL) { -+ if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) { - ssl2_return_error(s, SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); - return (-1); -@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s) - prio = cs; - allow = cl; - } -+ -+ /* Generate list of SSLv2 ciphers shared between client and server */ - for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) { -- if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) { -+ const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z); -+ if ((cp->algorithm_ssl & SSL_SSLV2) == 0 || -+ sk_SSL_CIPHER_find(allow, cp) < 0) { - (void)sk_SSL_CIPHER_delete(prio, z); - z--; - } -@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s) - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers = prio; - } -+ -+ /* Make sure we have at least one cipher in common */ -+ if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) { -+ ssl2_return_error(s, SSL2_PE_NO_CIPHER); -+ SSLerr(SSL_F_GET_CLIENT_HELLO, 
SSL_R_NO_CIPHER_MATCH); -+ return -1; -+ } - /* - * s->session->ciphers should now have a list of ciphers that are on - * both the client and server. This list is ordered by the order the diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch deleted file mode 100644 index cf2d9a7b04..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Mon, 18 Jan 2016 11:31:58 +0000 -Subject: [PATCH] Prevent small subgroup attacks on DH/DHE - -Historically OpenSSL only ever generated DH parameters based on "safe" -primes. More recently (in version 1.0.2) support was provided for -generating X9.42 style parameter files such as those required for RFC -5114 support. The primes used in such files may not be "safe". Where an -application is using DH configured with parameters based on primes that -are not "safe" then an attacker could use this fact to find a peer's -private DH exponent. This attack requires that the attacker complete -multiple handshakes in which the peer uses the same DH exponent. - -A simple mitigation is to ensure that y^q (mod p) == 1 - -CVE-2016-0701 (fix part 1 of 2) - -Issue reported by Antonio Sanso. - -Reviewed-by: Viktor Dukhovni <viktor@openssl.org> - -Upstream-Status: Backport - -https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648 - -CVE: CVE-2016-0701 -Signed-of-by: Armin Kuster <akuster@mvisa.com> - ---- - crypto/dh/dh.h | 1 + - crypto/dh/dh_check.c | 35 +++++++++++++++++++++++++---------- - 2 files changed, 26 insertions(+), 10 deletions(-) - -diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h -index b177673..5498a9d 100644 ---- a/crypto/dh/dh.h -+++ b/crypto/dh/dh.h -@@ -174,6 +174,7 @@ struct dh_st { - /* DH_check_pub_key error codes */ - # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 - # define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -+# define DH_CHECK_PUBKEY_INVALID 0x03 - - /* - * primes p where (p-1)/2 is prime too are called "safe"; we define this for -diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index 347467c..5adedc0 100644 ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret) - int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) - { - int ok = 
0; -- BIGNUM *q = NULL; -+ BIGNUM *tmp = NULL; -+ BN_CTX *ctx = NULL; - - *ret = 0; -- q = BN_new(); -- if (q == NULL) -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) - goto err; -- BN_set_word(q, 1); -- if (BN_cmp(pub_key, q) <= 0) -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ if (tmp == NULL) -+ goto err; -+ BN_set_word(tmp, 1); -+ if (BN_cmp(pub_key, tmp) <= 0) - *ret |= DH_CHECK_PUBKEY_TOO_SMALL; -- BN_copy(q, dh->p); -- BN_sub_word(q, 1); -- if (BN_cmp(pub_key, q) >= 0) -+ BN_copy(tmp, dh->p); -+ BN_sub_word(tmp, 1); -+ if (BN_cmp(pub_key, tmp) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - -+ if (dh->q != NULL) { -+ /* Check pub_key^q == 1 mod p */ -+ if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx)) -+ goto err; -+ if (!BN_is_one(tmp)) -+ *ret |= DH_CHECK_PUBKEY_INVALID; -+ } -+ - ok = 1; - err: -- if (q != NULL) -- BN_free(q); -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } - return (ok); - } --- -2.3.5 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch deleted file mode 100644 index 05caf0a99e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch +++ /dev/null 
@@ -1,156 +0,0 @@ -From c5b831f21d0d29d1e517d139d9d101763f60c9a2 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Thu, 17 Dec 2015 02:57:20 +0000 -Subject: [PATCH] Always generate DH keys for ephemeral DH cipher suites - -Modified version of the commit ffaef3f15 in the master branch by Stephen -Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always -generates a new DH key for every handshake regardless. - -CVE-2016-0701 (fix part 2 or 2) - -Issue reported by Antonio Sanso - -Reviewed-by: Viktor Dukhovni <viktor@openssl.org> - -Upstream-Status: Backport - -https://github.com/openssl/openssl/commit/c5b831f21d0d29d1e517d139d9d101763f60c9a2 - -CVE: CVE-2016-0701 #2 -Signed-of-by: Armin Kuster <akuster@mvisa.com> - ---- - doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 29 +++++------------------------ - ssl/s3_lib.c | 14 -------------- - ssl/s3_srvr.c | 17 +++-------------- - ssl/ssl.h | 2 +- - 4 files changed, 9 insertions(+), 53 deletions(-) - -Index: openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod -=================================================================== ---- openssl-1.0.2d.orig/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod -+++ openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod -@@ -48,25 +48,8 @@ even if he gets hold of the normal (cert - only used for signing. - - In order to perform a DH key exchange the server must use a DH group --(DH parameters) and generate a DH key. --The server will always generate a new DH key during the negotiation --if either the DH parameters are supplied via callback or the --SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both). --It will immediately create a DH key if DH parameters are supplied via --SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. --In this case, --it may happen that a key is generated on initialization without later --being needed, while on the other hand the computer time during the --negotiation is being saved. 
-- --If "strong" primes were used to generate the DH parameters, it is not strictly --necessary to generate a new key for each handshake but it does improve forward --secrecy. If it is not assured that "strong" primes were used, --SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup --attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the --computer time needed during negotiation, but it is not very large, so --application authors/users should consider always enabling this option. --The option is required to implement perfect forward secrecy (PFS). -+(DH parameters) and generate a DH key. The server will always generate -+a new DH key during the negotiation. - - As generating DH parameters is extremely time consuming, an application - should not generate the parameters on the fly but supply the parameters. -@@ -93,10 +76,9 @@ can supply the DH parameters via a callb - Previous versions of the callback used B<is_export> and B<keylength> - parameters to control parameter generation for export and non-export - cipher suites. Modern servers that do not support export ciphersuites --are advised to either use SSL_CTX_set_tmp_dh() in combination with --SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore --B<keylength> and B<is_export> and simply supply at least 2048-bit --parameters in the callback. -+are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use -+the callback but ignore B<keylength> and B<is_export> and simply -+supply at least 2048-bit parameters in the callback. - - =head1 EXAMPLES - -@@ -128,7 +110,6 @@ partly left out.) - if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { - /* Error. */ - } -- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); - ... 
- - =head1 RETURN VALUES -Index: openssl-1.0.2d/ssl/s3_lib.c -=================================================================== ---- openssl-1.0.2d.orig/ssl/s3_lib.c -+++ openssl-1.0.2d/ssl/s3_lib.c -@@ -3206,13 +3206,6 @@ long ssl3_ctrl(SSL *s, int cmd, long lar - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return (ret); - } -- if (!(s->options & SSL_OP_SINGLE_DH_USE)) { -- if (!DH_generate_key(dh)) { -- DH_free(dh); -- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); -- return (ret); -- } -- } - if (s->cert->dh_tmp != NULL) - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh; -@@ -3710,13 +3703,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); - return 0; - } -- if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { -- if (!DH_generate_key(new)) { -- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); -- DH_free(new); -- return 0; -- } -- } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); - cert->dh_tmp = new; -Index: openssl-1.0.2d/ssl/s3_srvr.c -=================================================================== ---- openssl-1.0.2d.orig/ssl/s3_srvr.c -+++ openssl-1.0.2d/ssl/s3_srvr.c -@@ -1684,20 +1684,9 @@ int ssl3_send_server_key_exchange(SSL *s - } - - s->s3->tmp.dh = dh; -- if ((dhp->pub_key == NULL || -- dhp->priv_key == NULL || -- (s->options & SSL_OP_SINGLE_DH_USE))) { -- if (!DH_generate_key(dh)) { -- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); -- goto err; -- } -- } else { -- dh->pub_key = BN_dup(dhp->pub_key); -- dh->priv_key = BN_dup(dhp->priv_key); -- if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) { -- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); -- goto err; -- } -+ if (!DH_generate_key(dh)) { -+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); -+ goto err; - } - r[0] = dh->p; - r[1] = dh->g; -Index: openssl-1.0.2d/ssl/ssl.h -=================================================================== ---- openssl-1.0.2d.orig/ssl/ssl.h -+++ openssl-1.0.2d/ssl/ssl.h -@@ -625,7 +625,7 @@ struct 
ssl_session_st { - # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L - /* If set, always create a new key when using tmp_ecdh parameters */ - # define SSL_OP_SINGLE_ECDH_USE 0x00080000L --/* If set, always create a new key when using tmp_dh parameters */ -+/* Does nothing: retained for compatibility */ - # define SSL_OP_SINGLE_DH_USE 0x00100000L - /* Does nothing: retained for compatibiity */ - # define SSL_OP_EPHEMERAL_RSA 0x0 diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch deleted file mode 100644 index e5635fec19..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch +++ /dev/null 
@@ -1,198 +0,0 @@ -From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <openssl-users@dukhovni.org> -Date: Wed, 17 Feb 2016 21:07:48 -0500 -Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak - ciphers. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -SSLv2 is by default disabled at build-time. Builds that are not -configured with "enable-ssl2" will not support SSLv2. Even if -"enable-ssl2" is used, users who want to negotiate SSLv2 via the -version-flexible SSLv23_method() will need to explicitly call either -of: - - SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); -or - SSL_clear_options(ssl, SSL_OP_NO_SSLv2); - -as appropriate. Even if either of those is used, or the application -explicitly uses the version-specific SSLv2_method() or its client -or server variants, SSLv2 ciphers vulnerable to exhaustive search -key recovery have been removed. Specifically, the SSLv2 40-bit -EXPORT ciphers, and SSLv2 56-bit DES are no longer available. 
- -Mitigation for CVE-2016-0800 - -Reviewed-by: Emilia Käsper <emilia@openssl.org> - -Upstream-Status: Backport - -https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7 - -CVE: CVE-2016-0800 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - CHANGES | 17 +++++++++++++++++ - Configure | 3 ++- - NEWS | 2 +- - ssl/s2_lib.c | 6 ++++++ - ssl/ssl_conf.c | 10 +++++++++- - ssl/ssl_lib.c | 7 +++++++ - 6 files changed, 42 insertions(+), 3 deletions(-) - -Index: openssl-1.0.2d/Configure -=================================================================== ---- openssl-1.0.2d.orig/Configure -+++ openssl-1.0.2d/Configure -@@ -847,9 +847,10 @@ my %disabled = ( # "what" => "co - "md2" => "default", - "rc5" => "default", - "rfc3779" => "default", -- "sctp" => "default", -+ "sctp" => "default", - "shared" => "default", - "ssl-trace" => "default", -+ "ssl2" => "default", - "store" => "experimental", - "unit-test" => "default", - "zlib" => "default", -Index: openssl-1.0.2d/ssl/s2_lib.c -=================================================================== ---- openssl-1.0.2d.orig/ssl/s2_lib.c -+++ openssl-1.0.2d/ssl/s2_lib.c -@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - 128, - }, - -+# if 0 - /* RC4_128_EXPORT40_WITH_MD5 */ - { - 1, -@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - 40, - 128, - }, -+# endif - - /* RC2_128_CBC_WITH_MD5 */ - { -@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - 128, - }, - -+# if 0 - /* RC2_128_CBC_EXPORT40_WITH_MD5 */ - { - 1, -@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - 40, - 128, - }, -+# endif - - # ifndef OPENSSL_NO_IDEA - /* IDEA_128_CBC_WITH_MD5 */ -@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - }, - # endif - -+# if 0 - /* DES_64_CBC_WITH_MD5 */ - { - 1, -@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - 56, - 56, - }, -+# endif - - /* DES_192_EDE3_CBC_WITH_MD5 */ - { -Index: openssl-1.0.2d/ssl/ssl_conf.c 
-=================================================================== ---- openssl-1.0.2d.orig/ssl/ssl_conf.c -+++ openssl-1.0.2d/ssl/ssl_conf.c -@@ -330,11 +330,19 @@ static int cmd_Protocol(SSL_CONF_CTX *cc - SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), - SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2) - }; -+ int ret; -+ int sslv2off; -+ - if (!(cctx->flags & SSL_CONF_FLAG_FILE)) - return -2; - cctx->tbl = ssl_protocol_list; - cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl); -- return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); -+ -+ sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2; -+ ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); -+ /* Never turn on SSLv2 through configuration */ -+ *cctx->poptions |= sslv2off; -+ return ret; - } - - static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) -Index: openssl-1.0.2d/ssl/ssl_lib.c -=================================================================== ---- openssl-1.0.2d.orig/ssl/ssl_lib.c -+++ openssl-1.0.2d/ssl/ssl_lib.c -@@ -2052,6 +2052,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - -+ /* -+ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to -+ * explicitly clear this option via either of SSL_CTX_clear_options() or -+ * SSL_clear_options(). -+ */ -+ ret->options |= SSL_OP_NO_SSLv2; -+ - return (ret); - err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); -Index: openssl-1.0.2d/CHANGES -=================================================================== ---- openssl-1.0.2d.orig/CHANGES -+++ openssl-1.0.2d/CHANGES -@@ -2,6 +2,25 @@ - OpenSSL CHANGES - _______________ - -+ -+ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 -+ is by default disabled at build-time. Builds that are not configured with -+ "enable-ssl2" will not support SSLv2. 
Even if "enable-ssl2" is used, -+ users who want to negotiate SSLv2 via the version-flexible SSLv23_method() -+ will need to explicitly call either of: -+ -+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); -+ or -+ SSL_clear_options(ssl, SSL_OP_NO_SSLv2); -+ -+ as appropriate. Even if either of those is used, or the application -+ explicitly uses the version-specific SSLv2_method() or its client and -+ server variants, SSLv2 ciphers vulnerable to exhaustive search key -+ recovery have been removed. Specifically, the SSLv2 40-bit EXPORT -+ ciphers, and SSLv2 56-bit DES are no longer available. -+ [Viktor Dukhovni] -+ -+ - Changes between 1.0.2c and 1.0.2d [9 Jul 2015] - - *) Alternate chains certificate forgery -Index: openssl-1.0.2d/NEWS -=================================================================== ---- openssl-1.0.2d.orig/NEWS -+++ openssl-1.0.2d/NEWS -@@ -1,6 +1,7 @@ - - NEWS - ==== -+ Disable SSLv2 default build, default negotiation and weak ciphers. - - This file gives a brief overview of the major changes between each OpenSSL - release. For more details please read the CHANGES file. diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch deleted file mode 100644 index de89d08d5c..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch +++ /dev/null @@ -1,592 +0,0 @@ -From 021fb42dd0cf2bf985b0e26ca50418eb42c00d09 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <openssl-users@dukhovni.org> -Date: Wed, 17 Feb 2016 23:38:55 -0500 -Subject: [PATCH] Bring SSL method documentation up to date -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - |
